IT Security News Daily Summary 2024-02-08

• Critical Vulnerability Could Allow Mastodon Account Takeover

• The Linux Foundation and its partners are working on cryptography for the post-quantum world

• US offers $10 million reward for info on Hive ransomware group leaders

• Fake LastPass lookalike made it into Apple App Store

• Bringing Composability to Firewalls with Runtime Protection Rules | Impart Security

• The best travel VPNs of 2024: Expert tested and reviewed

• Epik, the Far-Right’s Favorite Web Host, Has a Shadowy New Owner

• The best VPN for streaming in 2024: Expert tested and reviewed

• Keeper Security Available on Apple Vision Pro

• LastPass Free vs. Premium: Which Plan Is Right for You?

• NCC Group records the most ransomware victims ever in 2023

• Finance App Accuses Facebook Of Being A “Hotbed” For Scams

• Researchers say attackers are mass-exploiting new Ivanti VPN flaw

• China-Sponsored Hackers Lie in Wait to Attack US Infrastructure

• Atlas VPN Free vs. Premium: Which Plan Is Best For You?

• The Far-Right’s Favorite Web Host Has a Shadowy New Owner

• Unraveling the truth behind the DDoS attack from electric toothbrushes

• Spyware isn’t going anywhere, and neither are its tactics

• Hardening Apache APISIX With the OWASP’s Coraza and Core Ruleset

• Ransomware Payments Surpassed $1 Billion in 2023: Analysis

• China-Sponsored Hackers Lie in Wait to Attack U.S. Infrastructure

• Disney To Take $1.5 Billion Equity Stake In Epic Games

• Fake LastPass Password Manager App Lurks on iOS App Store

• London Underground Is Testing Real-Time AI Surveillance Tools to Spot Crime

• Google saves your conversations with Gemini for years by default

• Raspberry Robin devs are buying exploits for faster attacks

• Linux Vendors Squawk: PATCH NOW — CVSS 9.8 Bootkit Bug in shim.efi

• What Generative AI Means for Cybersecurity in 2024

• Big Names Join President Biden’s ‘AI Safety Institute Consortium’

• Good Application Security Posture Requires Good Data

• Best Practices To Create Highly Secure Applications in Mule 4

• CISA: Volt Typhoon had access to some U.S. targets for 5 years

• Raspberry Robin Evolves With Stealth Tactics, New Exploits

• Navigating the Cybersecurity Skills Gap in Critical Infrastructure

• Tips for Reducing Cybersecurity Risk for Your Business

• Preventing XSS Injection Attacks With A Content Security Policy

• Malicious Android Apps On Google Play Store Deliver VajraSpy RAT

• Google Rebrands Bard AI Chatbot As Gemini

• Report Details Scope of Global Threat to Elections

• Meta may not bring some products to Canada unless proposed AI law changed, Parliament told

• Linux Devs Rush to Patch Critical Vulnerability in Shim

• NetApp and OpenSSL: Teaming Up for More Secure Internet

• North Korea raked $3 billion from Ransomware and US offers $10m for Hive

• US Credit Union Service Leaks Millions of Records and Passwords in Plain Text

• Unleashing the Power of WebAssembly to Herald a New Era in Web Development

• A Comprehensive Guide To Achieving SOC 2 Compliance

• LimaCharlie Lands $10.2 Million Series A Funding

• Iran Ramps Up Cyberattacks on Israel Amid Hamas Conflict: Microsoft

• Malware-as-a-Service The Biggest Risk to Organizations Right Now

• Blackbaud Faces Criticism for Cybersecurity Lapses After 2020 Data Breach

• Qolsys IQ Panel 4, IQ4 HUB

• CISA Releases Two Industrial Control Systems Advisories

• Security flaw in a popular smart helmet allowed silent location tracking

• How to Enrich Data for Fraud Reduction, Risk Management and Mitigation in BFSI

• The Next Year in Cybersecurity: Quantum, Generative AI and LLMs & Passwords

• Indian Government Warns Social Media Platforms Over Deepfake Misinformation

• Wordfence Intelligence Weekly WordPress Vulnerability Report (January 29, 2024 to February 4, 2024)

• Hacking Victims Paid $1.1bn In Ransoms Last Year

• Critical Cisco Expressway Flaw Let Remote Execute Arbitrary Code

• Federal Cybersecurity Agency Launches Program to Boost Support for State, Local Election Offices

• Fortinet: APTs Exploiting FortiOS Vulnerabilities in Critical Infrastructure Attacks

• Ivanti US Faces Security Crisis, Threatening Worldwide Systems

• Canadian Cybercriminal Sentenced to Two Years Agrees to Return All Victims for Stolen Funds

• LassPass is not LastPass: Fraudulent app on Apple App Store

• Invicti Security collaborates with Mend.io to give customers full code coverage and continuous security

• Surge in deepfake “Face Swap” attacks puts remote identity verification at risk

• Warning from LastPass as fake app found on Apple App Store

• Cybercrime duo accused of picking $2.5M from Apple’s orchard

• 2024 Cyberthreat Forecast: AI Attacks, Passkey Solutions and SMBs in the Crosshairs

• Ransomware Payments in 2023 Hit $1 Billion: Chainalysis

• MoS Finance Comments Google’s Swift Response in Removing 2,200 Deceptive Loan Apps

• France: 33 Million Social Security Numbers Exposed in Health Insurance Hack

• MalDocs in Word and Excel: A Persistent Cybersecurity Challenge

• Spoofing Temu for Credential Harvesting

• 2 million job seekers targeted by data thieves

• Google Announces Enhanced Fraud Protection for Android

• Cisco Patches Critical Vulnerabilities in Enterprise Communication Devices

• SMTP Yahoo Error Codes Explained

• Enhanced DigitalOcean Backups helps prevent data disruption

• New Zardoor backdoor used in long-term cyber espionage operation targeting an Islamic organization

• Cybersecurity in Online Trading: Protecting Your Investments

• Closinglock, now with $12M, wants to prevent the 1 in 10 real estate transactions targeted for fraud

• Chinese Hackers Operate Undetected in U.S. Critical Infrastructure for Half a Decade

• New Zardoor backdoor used in long-term cyber espionage operation targeting Islamic organization

• Canon Patches Seven Critical Flaws in Small Office Printers

• HPE Cybersecurity Challenge: Data Breach Sparks Investigation

• F5 unveils new capabilities to help protect against AI-powered threats

• Critical Manufacturing Vulnerabilities Surge 230% in Six Months

• I Stopped Using Passwords. It’s Great—and a Total Mess

• Cisco Joins U.S. Department of Commerce Consortium Dedicated to AI Safety

• VikingCloud introduces CCS Advantage to boost PCI compliance program value

• Akira, LockBit actively searching for vulnerable Cisco ASA devices

• NCSC Warns Of ‘Living Off The Land’ Attacks Against Critical Infrastructure

• On Software Liabilities

• Were 3 Million Toothbrushes Really Used for a DDoS Attack?

• How to Predict Your Patching Priorities

• Cohesity to acquire data security firm Veritas

• UK Government To Fund Two Semiconductor Research Hubs

• 2054, Part IV: A Nation Divided

• China-linked APT Volt Typhoon remained undetected for years in US infrastructure

• Kyndryl and Google Cloud expand partnership to develop responsible generative AI solutions

• HijackLoader Evolves: Researchers Decode the Latest Evasion Methods

• Unified Identity – look for the meaning behind the hype!

• The Anatomy of Trading Bot Scams: Strategies for Secure Investments

• ChatGPT Faces Data Protection Questions in Italy

• Google Starts Blocking Sideloading of Potentially Dangerous Android Apps in Singapore

• 10 Reasons to Invest in Security Awareness Training

• Chinese Hackers Infiltrate Dutch Defense Networks with Coathanger RAT

• Get an Extensive Education in Cybersecurity for Just $46

• Coyote: A multi-stage banking Trojan abusing the Squirrel installer

• Ransomware Payments New Record Exceeds $905 Million Peak by over 11%

• US Warns of Destructive Chinese Cyber-Attacks

• Silicon In Focus Podcast: The Metaverse is Dead. Long Live the Metaverse

• Top 10 Unlocking UNIX Commands Cheat sheet: Your Ultimate Command-line

• Cisco fixes critical Expressway Series CSRF vulnerabilities

• Converging On-Premises & Cloud Network Security Into a Unified Hybrid Strategy

• Kimsuky’s New Golang Stealer ‘Troll’ and ‘GoBear’ Backdoor Target South Korea

• Risk Assessment of AWS services used in building a resilient Web App on AWS

• Rust can help make software secure – but it’s no cure-all

• AI in DevSecOps: Moving from A Co-Pilot to An Autopilot

• Prevention Strategies Inevitably Become a Constant Cat-and-Mouse Game

• AI-Enhanced Identity Fraud: A Mounting Threat to Organizations and Users

• AI: The Human Touch in Cybersecurity Recruitment

• Why Cybersecurity Maturity Model Certification (CMMC) Matters for All Businesses, Not Just DoD Contractors

• CTEM: Navigating the Future of Attack Surface

• NSFOCUS WAF Security Reports

• 10 tips for creating your security hackathon playbook

• Critical Patches Released for New Flaws in Cisco, Fortinet, VMware Products

• Beware of Facebook Ads That Deliver Password-Stealing Malware

• Google starts blocking users from sideloading certain apps in Singapore

• SOAPHound: Open-source tool to collect Active Directory data via ADWS

• Choosing the right partner when outsourcing cybersecurity

• Biden Administration Names a Director of the New AI Safety Institute

• As-a-Service tools empower criminals with limited tech skills

• How threat actors abuse OAuth apps

• Google Cybersecurity Action Team Threat Horizons Report #9 Is Out!

• Security Awareness Training: Building a Cyber-Resilient Workforce

• US Says China’s Volt Typhoon Hackers ‘Pre-Positioning’ for Cyberattacks Against Critical Infrastructure

• 3 million smart toothbrushes were not used in a DDoS attack after all, but it could happen

• Data Breach Response: A Step-by-Step Guide

• IT suppliers hacked off with Uncle Sam’s demands in aftermath of cyberattacks

• 3 million smart toothbrushes were just used in a DDoS attack. Or were they?

• Data Breach Affects 66,000 in SIM-Swapping Attacks on US Insurance Giants

• Volt Typhoon not the only Chinese crew lurking in US energy, critical networks

• CISA: China’s Volt Typhoon Hackers Planning Critical Infrastructure Disruption

• IT Security News Daily Summary 2024-02-07

• Google will block Android users from installing ‘unsafe’ apps in fraud protection test

• Info-Tech report outlines 5 GenAI initiatives CIOs must key in on

• China group may have been hiding in IT networks for five years, says Five Eyes warning

• China-backed Volt Typhoon hackers have lurked inside US critical infrastructure for ‘at least five years’

• Half of polled infosec pros say their degree was less than useful for real-world work

• SOC Evolution Is About More Than Automation

• CISA adds Google Chromium V8 Type Confusion bug to its Known Exploited Vulnerabilities catalog

• NetSecOps best practices for network engineers

• Chainalysis: 2023 a ‘watershed’ year for ransomware

• Fortinet addressed two critical FortiSIEM vulnerabilities

• Free & Downloadable Cybersecurity Incident Response Plan Templates

• US says China’s Volt Typhoon is readying destructive cyberattacks

• Google Pushes Software Security Via Rust, AI-Based Fuzzing

• Elon Musk Continues Disney Feud, Funds Mandalorian Lawsuit

• Developing Software Applications Under the Guidance of Data-Driven Decision-Making Principles

• USENIX Security ’23 – Hengkai Ye, Song Liu, Zhechang Zhang, and Hong Hu – VIPER: Spotting Syscall-Guard Variables for Data-Only Attacks

• Randall Munroe’s XKCD ‘Relationship Advice’

• PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure

• Meet the Cybersecurity Defender of 2024 for EMEA

• The Importance of Patching: An Analysis of the Exploitation of N-Day Vulnerabilities

• Governments and Tech Giants Unite Against Commercial Spyware

• Google To Pay $350m To Settle Google Plus Privacy Lawsuit

• Composability in Flow: Unlocking Technical and Business Opportunities

• Back to basics: Better security in the AI era

• From Cybercrime Saul Goodman to the Russian GRU

• Patched Critical Flaw Exposed JetBrains TeamCity Servers

• Try the New “Recommendations” Feature in Cisco Code Exchange

• How to Win the SMB Market with Cisco Secure Networking

• How to tell if your toothbrush is being used in a DDoS attack

• Few infosec pros think higher ed prepared them for their jobs: Survey

• CISA Launches #Protect2024 Resources Webpage for State and Local Election Officials

• Ransomware leak site reports rose by 49% in 2023, but there is good news

• Iran’s cyber operations in Israel a potential prelude to US election interference

• How ZTNA protects against internal network threats

• Experts warn of a critical bug in JetBrains TeamCity On-Premises

• Can Face Biometrics Prevent AI-Generated Deepfakes?

• ‘Leaky Vessels’ Cloud Flaws Enable Container Escapes Worldwide

• Northern Light Health Ensures Patient Record Security Following Weekend Cyberattack

• Google and CSA Singapore Combat Android Fraud With New Pilot

• Ransomware payments reached $1 billion in 2023

• Taylor Swift Threatens To Sue Student Who Clashed With Elon Musk

• VMware Releases Security Advisory for Aria Operations for Networks

• After FBI Takedown, KV-Botnet Operators Shift Tactics in Attempt to Bounce Back

• Raspberry Pi Pico cracks BitLocker in under a minute

• Defence department upbraided for not doing PIAs on data extraction tools

• INTERPOL Uncovers 1,300+ Servers Used as Launchpads For Cyber Attacks

• Brief – Back to Basics: For Better Security, Bank on Function Over Form

• encryption

• Critical shim bug impacts every Linux boot loader signed in the past decade

• Harnessing Artificial Intelligence for Ransomware Mitigation

• Securiti AI enables organizations to safely use AI

• Amazon Cuts Hundreds Of Jobs In Health Units

• Active Scan Alert: Over 28,000 Ivanti Instances Exposed to Internet

• IBM Shows How Generative AI Tools Can Hijack Live Calls

• Facebook’s Two Decades: Four Transformative Impacts on the World

• Qualys TotalCloud 2.0 measures cyber risk in cloud and SaaS apps

• Chinese hackers breached Dutch Ministry of Defense

• Meta to Introduce Labeling for AI-Generated Images Ahead of US Election

• Ransomware Payments Hit a Record $1.1 Billion in 2023

• JetBrains Patches Critical Authentication Bypass in TeamCity

• Verizon Discloses Internal Data Breach Impacting 63,000 Employees

• Device Authority Raises $7M for Enterprise IoT Identity and Access Management Platform

• Most Linux Systems Exposed to Complete Compromise via Shim Vulnerability

• The 8 Must Haves for the Next Generation of SIEM

• ‘Total Bollocks’ — No, Your Toothbrush isn’t DDoS’ing

• Binance Data Breach Sparks Concerns: Dark Web Sale Rumors Surface

• Ransomware Payments Hit $1bn All-Time High in 2023

• Malicious PDFs, deepfakes, and romance scams were just some of the 10 billion cyber attacks we saw last year

• 4 Threat Hunting Techniques to Prevent Bad Actors in 2024

• Critical Bootloader Vulnerability in Shim Impacts Nearly All Linux Distros

• Endpoint security startup NinjaOne lands $231.5M at $1.9B valuation

• Harnessing the Power of AI in Cybersecurity — Predictions and Solutions

• SolarWinds offers complete hybrid visibility across on-premises and cloud networks

• Ransomware Payments Hit $1bn All-Time High Last Year

• Choosing the Right SMB Backup Solution

• Raspberry Robin: Evolving Cyber Threat with Advanced Exploits and Stealth Tactics

• Cyber Security Today, Feb. 7, 2024 – Deepfake video scam costs a company US$25 million

• JetBrains urges swift patching of latest critical TeamCity flaw

• The fight against commercial spyware misuse is heating up

• Twitter Spin-off Bluesky Opens Itself To General Public

• When is ART useful? When it’s IBM’s Adversarial Robustness Toolbox for AI

• Teaching LLMs to Be Deceptive

• Fortinet Patches Critical Vulnerabilities in FortiSIEM

• Cybersecurity M&A Roundup: 34 Deals Announced in January 2024

• Super Bowl of Passwords: Chiefs vs. 49ers in the Battle of Cybersecurity

• OneTrust launches Data Privacy Maturity Model

• DynaRisk Cyber Intelligence Data Lake enhances the accuracy of data breach predictions

• AnyDesk System Breach Raises Concerns Among MSP Users

• How quickly can things go horribly wrong if a hacker steals your Facebook credentials?

• TSMC To Build Second Factory In Japan

• TeamCity Authentication Bypass Flaw Let Attackers Gain Admin Control

• Phishception – SendGrid is abused to host phishing attacks impersonating itself

• Anonymous-Proxies: A Cutting-Edge Proxy Solution

• 2054, Part III: The Singularity

• Facebook fatal accident scam still rages on

• Entrust in final talks to acquire Onfido

• Centripetal and Platform 94 Join Forces to Bring Cybersecurity Defence to Irish Companies

• Global Coalition and Tech Giants Unite Against Commercial Spyware Abuse

• New Webinar: 5 Steps to vCISO Success for MSPs and MSSPs

• Ivanti Connect Secure flaw massively exploited by attackers (CVE-2024-21893)

• On-premises JetBrains TeamCity servers vulnerable to auth bypass (CVE-2024-23917)

• Martin Hellman: We’re playing Russian roulette

• Unveiling Atlassian Confluence Vulnerability CVE-2023-22527: Understanding and Mitigating Remote Code Execution Risks

• Researchers Uncover DiceLoader Malware Used to Attack Corporate Business

• Cybersecurity burnout hits APAC firms, with lack of resources the key challenge

• The Vital Role of Defensive AI: Safeguarding the Future

• WhatsApp Scams in 2024: How to Spot a Fake

• The spyware business is booming despite government crackdowns

• Chinese Spies Hack Dutch Networks With Novel Coathanger Malware

• China-linked APT deployed malware in a network of the Dutch Ministry of Defence

• Draft UN Cybercrime Treaty Could Make Security Research a Crime, Leading 124 Experts to Call on UN Delegates to Fix Flawed Provisions that Weaken Everyone’s Security

• Protect Good Faith Security Research Globally in Proposed UN Cybercrime Treaty

• What is a Behavioral Risk Indicator? Demystifying Insider Risk Indicators

• Celebrating the 2024 CX Customer Hero Award Winners

• Chinese Hackers Exploited FortiGate Flaw to Breach Dutch Military Network

• Why budget allocation for cybersecurity is a necessity in corporate environments

• Critical JetBrains TeamCity On-Premises Flaw Exposes Servers to Takeover – Patch Now

• Interesting cybersecurity news headlines trending on Google

• Mastering SBOMs: Best practices

• Prowler: Open-source security tool for AWS, Google Cloud Platform, Azure

• Common cloud security mistakes and how to avoid them

• Demystifying SOC-as-a-Service (SOCaaS)

• Enhancing adversary simulations: Learn the business to attack the business

• Whitepaper: Why Microsoft’s password protection is not enough

• Cybersecurity teams hesitate to use automation in TDIR workflows

• Legit Security Named in the 2024 Gartner® Emerging Tech Impact Radar: Cloud-Native Platforms report

• More countries to act against misuse of spyware

• Endpoint Security: Protecting Devices in a Remote World

• Meta Says It Will Label AI-Generated Images on Facebook and Instagram

• USENIX Security ’23 – Wen Li, Jinyang Ruan, Guangbei Yi, Long Cheng, Xiapu Luo, Haipeng Cai – PolyFuzz: Holistic Greybox Fuzzing of Multi-Language Systems

• Cloud Security: Ensuring Data Protection in the Cloud

• DEF CON is canceled! No, really this time – but the show will go on

• Antivirus Software: A Comprehensive Guide

• Facebook Vows To Crack Down On Deceptive Content By Labeling AI-Generated Images

Generated on 2024-02-08 23:55:37.624858